Data Privacy Innovation

Moving the decentralised web forward

Sir Tim Berners-Lee (aka founder of the WWW) has been writing for a long time about the issues that have surfaced in the web, especially security, dominance and lack of individual controls. He is frustrated that much of the web is about “documents” and not “data”. Over the past four years he has been thinking about and building SOLID. The sister company Inrupt, which was founded by John Bruce and Sir Tim, is now public – so we can start to get a look under the hood.

This all stems from a vision for a “read-write web where users can interact and innovate, collaborate and share”, which has been a driving force for many for a long time. I used the terms “create” and “consume” in Mobile Web 2.0 back in 2007 and how we should build a better balance as we create (write) little and consumer (read/ watch) much – and in some places the ability to write is curtailed by authorities.

I am an avid supporter of transparency, open governance and user empowerment – I love what Sir Tim says and endorse anything that helps us move from the existing base of technology silos and disempowered users, towards decentralisation and freedom (meaning you get to make your own choices about privacy and sharing).

For me, decentralisation is where the user can, if they choose, have control and rights over their own data. This does not mean they will understand how it happens or necessarily be able to do everything themselves, but they will control how it is enabled for them. How many of us could build a telephone or IM network? How many of us use smartphones and IM without understanding their internals, but still love the fact that they “just work”? And so it should also be with personal data.

The first part of building this future is to create lockers, data stores, vaults, or in Sir Tim’s world PODs (Personal Online Datastores) – places where personal data can be stored securely. The next piece is about consent and how someone else can access your data in a managed way.

Solid’s protocols propose treating data differently to how it is handled today. The static data of today becomes “Linked Data” and retains properties such as where the data came from and who has various rights to access. This linkage and control means that data remains dynamic and its path and history can be known with certainty….. not unlike the concept of immutable records on a blockchain.

Here at digi.me, we are on the same journey, decentralising data and enabling the user to gain control of it, and then decide and choose how it is accessed or used. Fundamentally we empower users.

Crucially, not only are we already innovating around decentralisation with an existing suite of apps that are already live, using data that is fully private and secured, we also wholeheartedly embrace efforts to create more and more decentralised technology elsewhere.

There are many interactions we envisage with Solid and our team is excited to be playing in the sandbox.

Our thinking was to design-in security from day 1, and we treat security as both a practical and a theoretical challenge. This means we design and write code with two pairs of eyes and independent verification; we never let people who write code touch live systems and vice versa.

When we write security functions, we use only proven techniques and known public libraries of algorithms that have stood the test of time and are battle-worn. In selecting cryptographic algorithms, we only use the latest ones that meet banking and electronic health record standards.

All our public APIs are designed to withstand all the primary aggressive interventions from brute force and randomisation attacks to every class of forgery and interdiction. We apply the same rigour to the way we bring users’ personal data into our system and give them control over its storage and sharing.

The future is all about empowering and protecting users’ right to privacy and choice. We look forward to following Solid’s journey and working together wherever we can for the benefit of all.